It is known how to centralize access control procedures to several separate Internet sites using a specific Internet service. A user uses this specific service to perform a Single Sign In (SSI) access control procedure to access secure contents of sites referenced with this specific service and for which the user is registered. When the user wants to access secure contents on a referenced Internet site for which he is registered, he is transferred to this specific service to perform the access control procedure. Once this procedure has been done, the user can browse without needing to identify himself on all other referenced sites for which he is registered.
The PASSPORT service, available from Microsoft Corporation, allows sites to be referenced with it and to perform access control procedures for these sites. User identification data are stored solely on a PASSPORT server. Therefore, this type of service avoids the need for referenced sites to manage the access control procedure and storage of identification data themselves.
However, even if a secure central procedure is used, user identification data are transmitted on the Internet network between a user's terminal and a server in the central access control service. It is known that transmission of data on the Internet network is not perfectly secure, which can be disadvantageous when, for example, the user wants to access strictly confidential information such as his bank accounts.
It is known how to authenticate a user by sending to the mobile telephone a short message service (SMS) message asking the user to send a password or an acknowledgement of reception. The reply sent by the user from his mobile telephone is then processed by a computer network central access control service. Therefore, the user password is not transmitted on the Internet network which makes the access control procedure relatively secure.
However, in this prior art, the central access control service is imposed on the user by a site including the contents that the user would like to access. Therefore, the user is not assured about the quality and source of this central service or about the data exchange made between the central service and the mobile telephone of the user. In particular, billing of messages sent between the user and the central access control service must be perfectly transparent. If the user has to pay, he must be able to transfer his bank account data to the central service without taking any risks. As already mentioned above, the central access control service may be unknown to the user, resulting in an insecure exchange of data between the user on his terminal or his mobile terminal.